To protect its users against SIM hackers, Instagram is building a new 2-factor authentication system that doesn’t rely on SMS.
The traditional 2-factor authentication method that relies on an SMS to a phone number isn’t safe from hacking. According to recent reports, hackers can steal your Instagram account by porting your phone number onto a different SIM card and simply requesting to change your password; all this, without you ever knowing. Hackers then sell your Instagram (or other accounts for Bitcoin).
To thwart them, Instagram is now building a non-SMS 2-factor authentication system that works with security apps like Google Authenticator or Duo. The apps generate codes that can’t be generated on a different device with a ported SIM.
Social media tipster Jane Manchun Wong spotted the feature buried in the Instagram Android app’s APK, and following a report by TechCrunch and other news outlets, the feature has been confirmed by Instagram. A spokesperson confirmed, “we’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication.”
Strangely enough, Instagram didn’t actually have two-factor authentication until 2016. While SMS 2FA worked or a while, SIM porting has become a much more common and serious problem. This article can help you protect your phone number from porting.